The development of the O-ISM3 standard has been in process in the Security Forum for the past 18 months. Like all Open Group standards, O-ISM3 was developed through an open, consensus-based process. The O-ISM3 standard leverages work previously done by the ISM3 consortium to produce the ISM3 version 2.3 document.

Provides a framework to align security objectives and security targets to overall business objectives

Delivers a much-needed continuous improvement approach to the management of information security

Expresses security outcomes in positive terms

O-ISM3 can be implemented as a top-down methodology to manage an entire information security program, or it can be deployed more tactically, starting with just a few information security processes. As such, it can deliver value to information security organizations of varying sizes, maturity levels, and in different industries.

The Open Group is conducting a series of webcasts on the O-ISM3 standard in April and May. Details and registration may be found here.

Many thanks to the many members of The Open Group who worked hard over the past 18 months to make O-ISM3 a reality. Many had a hand in developing O-ISM3 in the Security Forum, and I thank them all; however, I would be remiss if I did not recognize the leadership of workgroup chair Vicente Aceituno, who brought this work to The Open Group, and who has continued to work tirelessly to make O-ISM3 an important standard for information security.

The working group will in the coming months be developing maturity levels for O-ISM3, and exploring certification programs. If you have interest in O-ISM3 and these future developments, please contact us at ogsecurity-interest@opengroup.org and we will help you get involved.

An IT security industry veteran, Jim is Vice President of Security at The Open Group, where he is responsible for security programs and standards activities. He holds the CISSP and GSEC certifications. Jim is based in the U.S.